From f8a909f0915983b7e16a55abffee858e567ff6d7 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Thu, 3 Sep 2020 20:38:04 +0200 Subject: [PATCH] Allow daemon side entitlements by default Signed-off-by: CrazyMax --- README.md | 2 +- action.yml | 1 + dist/index.js | 3 ++- src/context.ts | 4 +++- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 434ac14..baa42ed 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ Following inputs can be used as `step.with` keys | `version` | String | [Buildx](https://github.com/docker/buildx) version. (e.g. `v0.3.0`, `latest`) | | `driver` | String | Sets the [builder driver](https://github.com/docker/buildx#--driver-driver) to be used (default `docker-container`) | | `driver-opts` | CSV | List of additional [driver-specific options](https://github.com/docker/buildx#--driver-opt-options) | -| `buildkitd-flags` | String | [Flags for buildkitd](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md) daemon | +| `buildkitd-flags` | String | [Flags for buildkitd](https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md) daemon (default `--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host`) | | `install` | Bool | Sets up `docker build` command as an alias to `docker buildx` (default `false`) | | `use` | Bool | Switch to this builder instance (default `true`) | diff --git a/action.yml b/action.yml index 369c8f3..c50254a 100644 --- a/action.yml +++ b/action.yml @@ -19,6 +19,7 @@ inputs: required: false buildkitd-flags: description: 'Flags for buildkitd daemon' + default: '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' required: false install: description: 'Sets up docker build command as an alias to docker buildx' diff --git a/dist/index.js b/dist/index.js index db03322..c07d16f 100644 --- a/dist/index.js +++ b/dist/index.js @@ -6528,7 +6528,8 @@ function getInputs() { version: core.getInput('version'), driver: core.getInput('driver') || 'docker-container', driverOpts: yield getInputList('driver-opts', true), - buildkitdFlags: core.getInput('buildkitd-flags'), + buildkitdFlags: core.getInput('buildkitd-flags') || + '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host', install: /true/i.test(core.getInput('install')), use: /true/i.test(core.getInput('use')) }; diff --git a/src/context.ts b/src/context.ts index c2af0f3..b8a3d9b 100644 --- a/src/context.ts +++ b/src/context.ts @@ -17,7 +17,9 @@ export async function getInputs(): Promise { version: core.getInput('version'), driver: core.getInput('driver') || 'docker-container', driverOpts: await getInputList('driver-opts', true), - buildkitdFlags: core.getInput('buildkitd-flags'), + buildkitdFlags: + core.getInput('buildkitd-flags') || + '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host', install: /true/i.test(core.getInput('install')), use: /true/i.test(core.getInput('use')) };